Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

PREVENTIVKA

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
lebka75
Návštěvník
Návštěvník
Příspěvky: 301
Registrován: 25 říj 2009 23:46

PREVENTIVKA

#1 Příspěvek od lebka75 »

zdravím, prosím o preventivku, děkuji

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2021
Ran by já (administrator) on DESKTOP-8PLP21H (Acer Aspire ES1-512) (13-03-2021 19:56:40)
Running from C:\Users\já\Desktop
Loaded Profiles: já
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(geek software GmbH -> geek software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2102.8653.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Viber Media S.à r.l. -> Viber Media S.à r.l.) C:\Users\já\AppData\Local\Viber\Viber.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\Run: [Viber] => C:\Users\já\AppData\Local\Viber\Viber.exe [30797904 2017-09-13] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\MountPoints2: {895511a2-7d06-11e8-9fb4-206a8aa24e4f} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2161920 2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-06] (Google LLC -> Google LLC)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16B0C8C9-5B4B-49B3-ABD2-F82009906736} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {1BD7A831-7182-4916-ABAE-0DFD1EE0EC5D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2AF1A89C-F5F3-4C79-B0DF-C9B6319A482F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {456B0D18-AF31-45B6-B14F-91CAE5764E99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62A28F1A-19BA-4720-B0F6-F38EE553D501} - System32\Tasks\Werwuphtherhing Client => C:\Program Files (x86)\Atukaygheleing\wrwclientjdr.exe
Task: {665A23CE-4293-458C-951F-491CE61BE3A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6961080D-1B26-4871-B7AC-2AF54C8A2BBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {81647CB0-FCF9-41D5-BFE0-F364FBACD550} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {ADC71B45-E9CE-4F95-8830-6EA5A652BCE5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {B0335A96-2927-46A9-9D86-2579CB671470} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-07] (Google Inc -> Google Inc.)
Task: {CB0C02EE-993D-41A0-B3D6-500FEE4D02DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-07] (Google Inc -> Google Inc.)
Task: {FCF90F54-129D-4BAA-8221-5717E5CF9C79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FDDCFE46-B6E8-4069-B9F5-A7B4A1CAE3F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{639aff68-58c1-4ebd-9aca-0abc36958470}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71f1ac28-025c-4086-9fb9-d0cba551526c}: [DhcpNameServer] 10.0.0.138

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2021
Ran by já (13-03-2021 19:50:52)
Running from C:\Users\já\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2020-06-28 20:17:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-912284268-512413669-3595411638-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-912284268-512413669-3595411638-503 - Limited - Disabled)
Guest (S-1-5-21-912284268-512413669-3595411638-501 - Limited - Disabled)
já (S-1-5-21-912284268-512413669-3595411638-1001 - Administrator - Enabled) => C:\Users\já
WDAGUtilityAccount (S-1-5-21-912284268-512413669-3595411638-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Out of date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Disabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.16.161230 - )
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.19.170329 - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 5.3.3.2 (HKLM-x32\...\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}) (Version: 5.3.3.2 - The Document Foundation)
Mazda Toolbox (HKLM-x32\...\Mazda Toolbox) (Version: - )
Micro Foundation 2 version 1.3 (HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\{B1E414B9-EBB1-4940-B64B-83D18C2DB853}}_is1) (Version: 1.3 - Micro Foundation 2, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
One Click Root (HKLM-x32\...\{6EAD0BE5-D1CF-4BE8-A66F-53FE9B8D89CC}) (Version: 1.0.0.4 - One Click Root)
PDF24 Creator 9.2.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 9.2.2 - PDF24.org)
PDF-XChange Editor (HKLM\...\{FCF7B5F2-5903-496E-A0FC-CF7D80F639E6}) (Version: 7.0.328.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{fae4f082-14b4-4a76-a508-939fd140e2f3}) (Version: 7.0.328.1 - Tracker Software Products (Canada) Ltd.)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.71 - VSO Software)
Vypínač na dobrou noc verze 2.0 (HKLM-x32\...\Vypínač na dobrou noc_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare AllMyTube(Build 7.4.6.6) (HKLM-x32\...\AllMyTube_is1) (Version: 7.4.6.6 - Wondershare)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-02] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-912284268-512413669-3595411638-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-912284268-512413669-3595411638-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-03 10:44 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-12-03 10:44 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-12-03 10:44 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231944968007426&GUID=C33F4CEC-6AE8-457A-91C9-796B70D4BEB1
HKU\S-1-5-21-912284268-512413669-3595411638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231944968031751&GUID=C33F4CEC-6AE8-457A-91C9-796B70D4BEB1
SearchScopes: HKU\S-1-5-21-912284268-512413669-3595411638-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-01-13 02:12 - 2016-09-29 18:18 - 000000753 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-912284268-512413669-3595411638-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\já\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\111111111111.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{71A323A2-C1B9-4B73-8301-7957666B0B33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A135B4B-D9C6-4A93-84EC-7B50961DE2B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B34347ED-A7CC-4437-A987-5FF6A98ABD56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B314725F-0113-4BA9-85FA-E034172B180D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{77C3BD57-FE8A-4634-921F-ACB4F1C82CB5}] => (Allow) LPort=1900
FirewallRules: [{359B1826-AECD-4106-A908-EBD4185A6BAC}] => (Allow) LPort=2869
FirewallRules: [{8FF95AB1-D705-43C0-8DE7-1F6B41201183}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D226257-36B0-4751-85A5-2AC132BBA523}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{0598EA93-22BE-4310-BD6C-731271DFE0F7}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3CAC7DDC-7256-402A-8819-97CE996CD4D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{56228B00-0FBA-4DF9-8877-2F1A2E537764}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{BBBFCE73-4F1D-49BF-AD5E-E7B64D5C8A84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{610DFEE1-9C54-4D6E-B05A-6D04464D6DC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC6D1F58-D7BA-44B3-892B-F5AF7E968175}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68681A10-3268-4C08-B1C3-AC5264B5D06B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FCAC1CE8-3B5D-41A7-BA3A-EDB45AD665FC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E7FDC33A-79D7-40B3-B304-ECA805533EA2}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{24311152-AD07-4244-A0AD-9D1E4EF3C872}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{E42EBEA9-3667-46C6-BD3A-46EFEAFD62A4}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File

==================== Restore Points =========================

12-03-2021 23:17:13 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/13/2021 07:24:11 PM) (Source: ssinstall) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/13/2021 07:03:06 PM) (Source: MsiInstaller) (EventID: 11306) (User: DESKTOP-8PLP21H)
Description: Product: Avira Software Updater -- Error 1306. Another application has exclusive access to the file 'C:\ProgramData\Avira\SoftwareUpdater\ShavlikData\ManifestSynchronizerSample.log'. Please shut down all other applications, then click Retry.

Error: (03/13/2021 12:48:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: aphostservice.dll, verze: 10.0.19041.746, časové razítko: 0x096db171
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000001ca9f
ID chybujícího procesu: 0x1350
Čas spuštění chybující aplikace: 0x01d71793d67e2e53
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\aphostservice.dll
ID zprávy: b77506e8-efab-4744-a894-72e960b893fb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/13/2021 12:34:16 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (03/13/2021 12:00:49 AM) (Source: ssinstall) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/12/2021 11:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ekrn.exe, verze: 10.16.58.0, časové razítko: 0x5f96897c
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x6c4
Čas spuštění chybující aplikace: 0x01d705dda4d9e264
Cesta k chybující aplikaci: C:\Program Files\ESET\ESET Security\ekrn.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: 3e588cf2-04cd-487f-ab3f-5fc89b05d4ee
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/12/2021 10:41:33 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na A-DATA SH93 (X:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/12/2021 10:41:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (03/13/2021 07:37:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070002): 2021-03 Kumulativní aktualizace pro Windows 10 Version 20H2 pro systémy typu x64 (KB5000802).

Error: (03/13/2021 07:30:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (03/13/2021 07:28:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (03/13/2021 07:24:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF24 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/13/2021 07:24:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby PDF24 bylo dosaženo časového limitu (60000 ms).

Error: (03/13/2021 07:23:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (19:21:50, ‎13.‎03.‎2021) bylo neočekávané.

Error: (03/13/2021 07:10:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200b): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.333.285.0).

Error: (03/13/2021 12:07:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.


Windows Defender:
================
Date: 2020-10-17 21:14:38
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F5D594BC-6A09-4BD9-A404-069F0E0A86F0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 21:08:37
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4172408-DCF3-4224-A7F9-3A910705287C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 21:00:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {09EA426B-C6FC-435F-AC82-0FD83CCAB965}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 20:43:21
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B794DFC3-1BFE-46FC-93A2-C55ECB494533}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-13 19:10:10
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.17900.7
Předchozí verze modulu: 1.1.17500.4
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

CodeIntegrity:
===============
Date: 2021-03-13 18:57:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-03-12 23:47:30
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-03-12 23:44:12
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.07 09/11/2014
Motherboard: Acer Aspire ES1-512
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 71%
Total physical RAM: 3977.98 MB
Available physical RAM: 1152.16 MB
Total Virtual: 5129.98 MB
Available Virtual: 2105.28 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:175.95 GB) (Free:119.19 GB) NTFS
Drive d: () (Fixed) (Total:273.23 GB) (Free:244.09 GB) NTFS
Drive x: (A-DATA SH93) (Fixed) (Total:465.76 GB) (Free:170.05 GB) NTFS

\\?\Volume{ca5a3665-0f8e-4427-8d9e-e97c3fe3d496}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{f10360ef-b226-4dc5-a7c8-edf6095818e8}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D4D8FAEF)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: C6B16518)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: PREVENTIVKA

#2 Příspěvek od Conder »

Ahoj :)

:arrow: Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Uloz na plochu a ukonci vsetky programy
  • Spusti AdwCleaner ako spravca
  • Odsuhlas licencne podmienky
  • Klikni na Spustit skenovani a pockaj na dokoncenie
  • V pripade nalezov nechaj vsetky nalezy oznacene a klikni na Karantena (ak nie su ziadne nalezy, tak na Spustit zakladni opravu)
  • V pripade, ze sa detekuje aj "predinstalovany software", tieto programy mozes, ale nemusis zmazat (toto nie su skodlive programy, ale iba zbytocnosti)
  • Potvrd vyzvu, pockaj na dokoncenie a potvrd restartovanie PC
  • Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
  • Otvori sa log, jeho obsah skopiruj a vloz do dalsej odpovede
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

lebka75
Návštěvník
Návštěvník
Příspěvky: 301
Registrován: 25 říj 2009 23:46

Re: PREVENTIVKA

#3 Příspěvek od lebka75 »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-13-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1268 octets] - [03/06/2019 19:19:16]
AdwCleaner[C00].txt - [1434 octets] - [03/06/2019 19:19:37]
AdwCleaner[S01].txt - [1985 octets] - [13/03/2021 21:58:03]
AdwCleaner[C01].txt - [2118 octets] - [13/03/2021 21:58:25]
AdwCleaner[S02].txt - [1649 octets] - [13/03/2021 21:59:43]
AdwCleaner[C02].txt - [1840 octets] - [13/03/2021 21:59:50]
AdwCleaner[S03].txt - [1771 octets] - [13/03/2021 22:01:08]
AdwCleaner[C03].txt - [1962 octets] - [13/03/2021 22:01:20]
AdwCleaner[S04].txt - [1893 octets] - [13/03/2021 22:08:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: PREVENTIVKA

#4 Příspěvek od Conder »

Poprosim o obidva nove logy z FRST.
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

lebka75
Návštěvník
Návštěvník
Příspěvky: 301
Registrován: 25 říj 2009 23:46

Re: PREVENTIVKA

#5 Příspěvek od lebka75 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by já (administrator) on DESKTOP-8PLP21H (Acer Aspire ES1-512) (14-03-2021 18:10:17)
Running from C:\Users\já\Desktop
Loaded Profiles: já
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(geek software GmbH -> geek software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2102.8653.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Viber Media S.à r.l. -> Viber Media S.à r.l.) C:\Users\já\AppData\Local\Viber\Viber.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\Run: [Viber] => C:\Users\já\AppData\Local\Viber\Viber.exe [30797904 2017-09-13] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\MountPoints2: {895511a2-7d06-11e8-9fb4-206a8aa24e4f} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2161920 2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-14] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16B0C8C9-5B4B-49B3-ABD2-F82009906736} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {1BD7A831-7182-4916-ABAE-0DFD1EE0EC5D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2AF1A89C-F5F3-4C79-B0DF-C9B6319A482F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {665A23CE-4293-458C-951F-491CE61BE3A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {ADC71B45-E9CE-4F95-8830-6EA5A652BCE5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {B0335A96-2927-46A9-9D86-2579CB671470} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-07] (Google Inc -> Google Inc.)
Task: {CB0C02EE-993D-41A0-B3D6-500FEE4D02DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-07] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{639aff68-58c1-4ebd-9aca-0abc36958470}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71f1ac28-025c-4086-9fb9-d0cba551526c}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge Profile: C:\Users\já\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-14]
Edge StartupUrls: Default -> "hxxp://search.mpc.am/"
Edge DefaultSearchURL: Default -> hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
Edge DefaultSearchKeyword: Default -> search.mpc.am
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF ProfilePath: C:\Users\já\AppData\Roaming\Mozilla\Firefox\Profiles\r3qxdw4b.default [2017-08-09]
FF Homepage: Mozilla\Firefox\Profiles\r3qxdw4b.default -> hxxps://www.seznam.cz/
FF Extension: (Firefox Hotfix) - C:\Users\já\AppData\Roaming\Mozilla\Firefox\Profiles\r3qxdw4b.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09] [Legacy]
FF Extension: (Seznam lištička) - C:\Users\já\AppData\Roaming\Mozilla\Firefox\Profiles\r3qxdw4b.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13] [Legacy]
FF Extension: (No Name) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi\ [not found]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi => not found
FF HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi [2019-12-03] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2021-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2021-03-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-912284268-512413669-3595411638-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-912284268-512413669-3595411638-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-912284268-512413669-3595411638-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\já\AppData\Local\Google\Chrome\User Data\Default [2021-03-14]
CHR Notifications: Default -> hxxps://smartmania.cz
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Seznam doplněk - Email) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2021-03-13]
CHR Extension: (YouTube) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-07]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-01]
CHR Extension: (Simple Black) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiebpogodlfaodmhajdmmkllklacjfgk [2021-03-14]
CHR Extension: (Tabulky) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-12]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-14]
CHR Extension: (Save to Facebook) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2020-01-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\já\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR Profile: C:\Users\já\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-04]
CHR Profile: C:\Users\já\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-04]
CHR HKU\S-1-5-21-912284268-512413669-3595411638-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
S2 ssinstall; C:\WINDOWS\SysWoW64\ssins.exe [4696960 2016-11-23] (PS Media s.r.o. -> PS Media s.r.o.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\ProgramData\Kingsoft\office6\wpscloudsvr.exe [1482496 2020-12-09] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-19] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-19] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15288 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
S2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [59840 2015-11-16] (WDKTestCert sys_dpebuild,130674149657513416 -> Intel Corporation)
S3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [39112 2017-03-29] (Wondershare Technology Co.,Ltd -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 18:10 - 2021-03-14 18:13 - 000022885 _____ C:\Users\já\Desktop\FRST.txt
2021-03-14 12:59 - 2021-03-14 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2021-03-14 12:59 - 2021-03-14 12:59 - 000000000 ____D C:\ProgramData\ESET
2021-03-14 12:59 - 2021-03-14 12:59 - 000000000 ____D C:\Program Files\ESET
2021-03-14 11:28 - 2021-03-14 11:28 - 000000000 ____D C:\Users\já\AppData\Local\mbam
2021-03-14 11:26 - 2021-03-14 11:26 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-13 21:51 - 2021-03-13 21:51 - 008463216 _____ (Malwarebytes) C:\Users\já\Desktop\adwcleaner_8.1.exe
2021-03-13 19:30 - 2021-03-14 18:09 - 002300928 _____ (Farbar) C:\Users\já\Desktop\FRST64.exe
2021-03-13 19:15 - 2021-03-13 19:15 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-13 19:14 - 2021-03-13 19:14 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-13 19:14 - 2021-03-13 19:14 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-13 19:14 - 2021-03-13 19:14 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-13 19:13 - 2021-03-13 19:13 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-13 19:13 - 2021-03-13 19:13 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-13 19:13 - 2021-03-13 19:13 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-13 19:13 - 2021-03-13 19:13 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-13 19:12 - 2021-03-13 19:12 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-13 19:12 - 2021-03-13 19:12 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-13 19:12 - 2021-03-13 19:12 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-13 19:03 - 2021-03-13 19:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-03-13 00:28 - 2021-03-13 00:28 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-03-13 00:15 - 2021-03-13 00:36 - 000000000 ____D C:\Users\já\AppData\Local\Avira
2021-03-13 00:12 - 2021-03-13 19:23 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-13 00:12 - 2021-03-13 19:07 - 000000000 ____D C:\ProgramData\Avira
2021-02-19 22:43 - 2021-02-19 22:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 18:13 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-14 18:12 - 2019-06-03 18:24 - 000000000 ____D C:\FRST
2021-03-14 16:57 - 2016-01-15 11:09 - 000000000 ____D C:\Users\já\Documents\ViberDownloads
2021-03-14 16:49 - 2020-06-28 20:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-14 14:10 - 2016-01-17 11:23 - 000000000 ____D C:\Users\já\AppData\Roaming\vlc
2021-03-14 13:00 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-14 13:00 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-14 12:26 - 2016-10-07 09:23 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-14 12:24 - 2019-01-12 18:52 - 000000000 ____D C:\Users\já\AppData\Local\CrashDumps
2021-03-14 12:19 - 2016-01-15 11:05 - 000000000 ____D C:\Users\já\AppData\Roaming\ViberPC
2021-03-14 12:19 - 2016-01-13 09:44 - 000000000 __SHD C:\Users\já\IntelGraphicsProfiles
2021-03-14 11:59 - 2020-06-28 20:31 - 000539832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-14 11:58 - 2020-06-28 21:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-14 11:58 - 2020-06-28 20:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-14 11:58 - 2016-08-31 19:36 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-14 11:57 - 2019-12-07 10:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-03-14 11:55 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-14 11:55 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-14 11:55 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-14 11:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-14 11:26 - 2016-09-01 19:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-14 11:16 - 2016-01-23 17:56 - 000099192 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-03-14 11:16 - 2016-01-23 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-03-14 11:15 - 2016-01-23 17:55 - 000000000 ____D C:\Program Files (x86)\Java
2021-03-14 11:14 - 2016-01-13 10:36 - 000000000 ____D C:\Users\já\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-14 11:14 - 2016-01-13 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-14 11:14 - 2016-01-13 10:35 - 000000000 ____D C:\Program Files\WinRAR
2021-03-14 11:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-14 10:15 - 2020-06-25 16:03 - 000000000 ___HD C:\$WinREAgent
2021-03-14 10:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-13 19:05 - 2018-12-26 18:51 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-13 00:13 - 2016-01-13 10:19 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-03-12 23:08 - 2016-01-13 10:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-12 22:48 - 2016-01-13 10:17 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-12 10:39 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-12 10:32 - 2016-07-03 17:48 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-11 23:01 - 2020-08-06 19:40 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-06 18:01 - 2020-06-28 21:16 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-03-04 16:38 - 2020-08-06 19:40 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 16:38 - 2020-08-06 19:40 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-26 22:13 - 2020-06-28 21:16 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-912284268-512413669-3595411638-1001
2021-02-26 22:11 - 2020-06-28 20:36 - 000002356 _____ C:\Users\já\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-26 22:11 - 2016-01-13 09:47 - 000000000 ___RD C:\Users\já\OneDrive
2021-02-18 11:19 - 2017-12-02 20:46 - 000000000 ____D C:\Users\já\AppData\Local\Packages
2021-02-15 10:11 - 2020-06-28 20:47 - 001693200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-15 10:11 - 2019-12-07 15:41 - 000717844 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-15 10:11 - 2019-12-07 15:41 - 000144986 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-14 20:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-14 20:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-14 20:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-14 20:49 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-14 20:49 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-13 20:04 - 2020-06-28 20:36 - 000000000 ____D C:\Users\já

==================== Files in the root of some directories ========

2020-02-17 17:19 - 2020-02-17 17:19 - 000000273 _____ () C:\ProgramData\fontcacheev1.dat
2016-12-12 09:48 - 2016-12-12 09:48 - 000099384 _____ () C:\Users\já\AppData\Roaming\inst.exe
2016-12-12 09:48 - 2016-12-12 09:48 - 000007859 _____ () C:\Users\já\AppData\Roaming\pcouffin.cat
2016-12-12 09:48 - 2016-12-12 09:48 - 000001167 _____ () C:\Users\já\AppData\Roaming\pcouffin.inf
2016-12-12 09:48 - 2016-12-12 09:48 - 000000055 _____ () C:\Users\já\AppData\Roaming\pcouffin.log
2016-12-12 09:48 - 2016-12-12 09:48 - 000082816 _____ (VSO Software) C:\Users\já\AppData\Roaming\pcouffin.sys
2016-09-29 20:09 - 2016-09-29 20:09 - 000029696 _____ () C:\Users\já\AppData\Local\MSGBOX.EXE
2020-04-25 10:48 - 2020-04-25 10:48 - 000000017 _____ () C:\Users\já\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by já (14-03-2021 18:18:34)
Running from C:\Users\já\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2020-06-28 20:17:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-912284268-512413669-3595411638-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-912284268-512413669-3595411638-503 - Limited - Disabled)
Guest (S-1-5-21-912284268-512413669-3595411638-501 - Limited - Disabled)
já (S-1-5-21-912284268-512413669-3595411638-1001 - Administrator - Enabled) => C:\Users\já
WDAGUtilityAccount (S-1-5-21-912284268-512413669-3595411638-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.16.161230 - )
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.19.170329 - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LibreOffice 5.3.3.2 (HKLM-x32\...\{C7C4A0C6-8483-4065-851D-CBE5DC17D046}) (Version: 5.3.3.2 - The Document Foundation)
Mazda Toolbox (HKLM-x32\...\Mazda Toolbox) (Version: - )
Micro Foundation 2 version 1.3 (HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\{B1E414B9-EBB1-4940-B64B-83D18C2DB853}}_is1) (Version: 1.3 - Micro Foundation 2, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
One Click Root (HKLM-x32\...\{6EAD0BE5-D1CF-4BE8-A66F-53FE9B8D89CC}) (Version: 1.0.0.4 - One Click Root)
PDF24 Creator 9.2.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 9.2.2 - PDF24.org)
PDF-XChange Editor (HKLM\...\{FCF7B5F2-5903-496E-A0FC-CF7D80F639E6}) (Version: 7.0.328.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{fae4f082-14b4-4a76-a508-939fd140e2f3}) (Version: 7.0.328.1 - Tracker Software Products (Canada) Ltd.)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.71 - VSO Software)
Vypínač na dobrou noc verze 2.0 (HKLM-x32\...\Vypínač na dobrou noc_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wondershare AllMyTube(Build 7.4.6.6) (HKLM-x32\...\AllMyTube_is1) (Version: 7.4.6.6 - Wondershare)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-02] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2018-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-912284268-512413669-3595411638-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-912284268-512413669-3595411638-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-03 10:44 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-12-03 10:44 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-12-03 10:44 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231944968007426&GUID=C33F4CEC-6AE8-457A-91C9-796B70D4BEB1
HKU\S-1-5-21-912284268-512413669-3595411638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231944968031751&GUID=C33F4CEC-6AE8-457A-91C9-796B70D4BEB1
SearchScopes: HKU\S-1-5-21-912284268-512413669-3595411638-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2021-03-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2021-03-14] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-01-13 02:12 - 2016-09-29 18:18 - 000000753 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-912284268-512413669-3595411638-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\já\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\111111111111.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{71A323A2-C1B9-4B73-8301-7957666B0B33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3A135B4B-D9C6-4A93-84EC-7B50961DE2B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B34347ED-A7CC-4437-A987-5FF6A98ABD56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B314725F-0113-4BA9-85FA-E034172B180D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{77C3BD57-FE8A-4634-921F-ACB4F1C82CB5}] => (Allow) LPort=1900
FirewallRules: [{359B1826-AECD-4106-A908-EBD4185A6BAC}] => (Allow) LPort=2869
FirewallRules: [{8FF95AB1-D705-43C0-8DE7-1F6B41201183}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D226257-36B0-4751-85A5-2AC132BBA523}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{0598EA93-22BE-4310-BD6C-731271DFE0F7}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3CAC7DDC-7256-402A-8819-97CE996CD4D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{56228B00-0FBA-4DF9-8877-2F1A2E537764}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{610DFEE1-9C54-4D6E-B05A-6D04464D6DC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC6D1F58-D7BA-44B3-892B-F5AF7E968175}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68681A10-3268-4C08-B1C3-AC5264B5D06B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FCAC1CE8-3B5D-41A7-BA3A-EDB45AD665FC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E7FDC33A-79D7-40B3-B304-ECA805533EA2}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{24311152-AD07-4244-A0AD-9D1E4EF3C872}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{E42EBEA9-3667-46C6-BD3A-46EFEAFD62A4}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{14661C49-620C-4663-AD44-AB1339799E27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-03-2021 10:16:15 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/14/2021 01:13:15 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (03/14/2021 01:13:15 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/14/2021 01:13:15 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (03/14/2021 12:55:21 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (03/14/2021 12:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Název chybujícího modulu: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Kód výjimky: 0x80000003
Posun chyby: 0x000000000001f6dd
ID chybujícího procesu: 0x21d8
Čas spuštění chybující aplikace: 0x01d718c4889c0654
Cesta k chybující aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ID zprávy: 4427e7ba-2fb6-40bc-9d6d-d18cb28345fc
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2021 12:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Název chybujícího modulu: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Kód výjimky: 0x80000003
Posun chyby: 0x000000000001f6dd
ID chybujícího procesu: 0x2124
Čas spuštění chybující aplikace: 0x01d718c460160d87
Cesta k chybující aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ID zprávy: 03a8cd4a-5224-4409-ae7f-e1b63cf77452
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2021 12:21:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Název chybujícího modulu: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Kód výjimky: 0x80000003
Posun chyby: 0x000000000001f6dd
ID chybujícího procesu: 0x1784
Čas spuštění chybující aplikace: 0x01d718c43a9b196f
Cesta k chybující aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ID zprávy: d5d02ef0-3e24-4885-ba3a-c40a5daeb3cb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2021 12:20:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Název chybujícího modulu: chrome.exe, verze: 89.0.4389.82, časové razítko: 0x6041845e
Kód výjimky: 0x80000003
Posun chyby: 0x000000000001f6dd
ID chybujícího procesu: 0x1b44
Čas spuštění chybující aplikace: 0x01d718c40fd005f0
Cesta k chybující aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ID zprávy: 33fac478-ac5e-45c4-b862-284319702b9e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (03/14/2021 09:58:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PLP21H)
Description: Server Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/14/2021 09:58:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PLP21H)
Description: Server microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/14/2021 09:52:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PLP21H)
Description: Server microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/13/2021 10:09:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (03/13/2021 10:09:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Genuine Monitor Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/13/2021 10:09:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Genuine Software Integrity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/13/2021 10:09:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/13/2021 10:09:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba PDF24 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2021-03-13 21:50:24
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DC9AA06D-733D-44D7-9059-043A365A6D3A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 21:14:38
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F5D594BC-6A09-4BD9-A404-069F0E0A86F0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 21:08:37
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4172408-DCF3-4224-A7F9-3A910705287C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 21:00:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {09EA426B-C6FC-435F-AC82-0FD83CCAB965}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-17 20:43:21
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B794DFC3-1BFE-46FC-93A2-C55ECB494533}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-13 19:10:10
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.17900.7
Předchozí verze modulu: 1.1.17500.4
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

CodeIntegrity:
===============
Date: 2021-03-14 11:35:12
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2021-03-14 11:19:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.07 09/11/2014
Motherboard: Acer Aspire ES1-512
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 75%
Total physical RAM: 3977.98 MB
Available physical RAM: 965.25 MB
Total Virtual: 5563.02 MB
Available Virtual: 1739.46 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:175.95 GB) (Free:116.39 GB) NTFS
Drive d: () (Fixed) (Total:273.23 GB) (Free:244.09 GB) NTFS
Drive f: () (Removable) (Total:14.45 GB) (Free:9.93 GB) NTFS
Drive x: (A-DATA SH93) (Fixed) (Total:465.76 GB) (Free:167.59 GB) NTFS

\\?\Volume{ca5a3665-0f8e-4427-8d9e-e97c3fe3d496}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{f10360ef-b226-4dc5-a7c8-edf6095818e8}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D4D8FAEF)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: C6B16518)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: PREVENTIVKA

#6 Příspěvek od Conder »

:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\MountPoints2: {895511a2-7d06-11e8-9fb4-206a8aa24e4f} - "E:\HiSuiteDownLoader.exe" 
    Edge StartupUrls: Default -> "hxxp://search.mpc.am/"
    Edge DefaultSearchURL: Default -> hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
    Edge DefaultSearchKeyword: Default -> search.mpc.am
    FF Extension: (No Name) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi\ [not found]
    FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi => not found
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    2016-09-29 20:09 - 2016-09-29 20:09 - 000029696 _____ () C:\Users\já\AppData\Local\MSGBOX.EXE
    CustomCLSID: HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll => No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    ContextMenuHandlers1_S-1-5-21-912284268-512413669-3595411638-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File
    ContextMenuHandlers4_S-1-5-21-912284268-512413669-3595411638-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File
    FirewallRules: [{E7FDC33A-79D7-40B3-B304-ECA805533EA2}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
    FirewallRules: [{24311152-AD07-4244-A0AD-9D1E4EF3C872}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
    FirewallRules: [{E42EBEA9-3667-46C6-BD3A-46EFEAFD62A4}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
    
    Hosts:
    EmptyTemp:
    End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah skopiruj a vloz do dalsej odpovede
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

lebka75
Návštěvník
Návštěvník
Příspěvky: 301
Registrován: 25 říj 2009 23:46

Re: PREVENTIVKA

#7 Příspěvek od lebka75 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by já (15-03-2021 18:37:31) Run:2
Running from C:\Users\já\Desktop
Loaded Profiles: já
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
HKU\S-1-5-21-912284268-512413669-3595411638-1001\...\MountPoints2: {895511a2-7d06-11e8-9fb4-206a8aa24e4f} - "E:\HiSuiteDownLoader.exe"
Edge StartupUrls: Default -> "hxxp://search.mpc.am/"
Edge DefaultSearchURL: Default -> hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
Edge DefaultSearchKeyword: Default -> search.mpc.am
FF Extension: (No Name) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi\ [not found]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
2016-09-29 20:09 - 2016-09-29 20:09 - 000029696 _____ () C:\Users\já\AppData\Local\MSGBOX.EXE
CustomCLSID: HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers1_S-1-5-21-912284268-512413669-3595411638-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-912284268-512413669-3595411638-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\já\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\kwpsmenushellext64.dll -> No File
FirewallRules: [{E7FDC33A-79D7-40B3-B304-ECA805533EA2}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{24311152-AD07-4244-A0AD-9D1E4EF3C872}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{E42EBEA9-3667-46C6-BD3A-46EFEAFD62A4}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 42
Average :
Sum : 191887259
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

HKU\S-1-5-21-912284268-512413669-3595411638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{895511a2-7d06-11e8-9fb4-206a8aa24e4f} => removed successfully
"Edge StartupUrls" => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Edge DefaultSearchKeyword" => removed successfully
C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi\ => path could not remove
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\AllMyTube@Wondershare.com" => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
C:\Users\já\AppData\Local\MSGBOX.EXE => moved successfully
HKU\S-1-5-21-912284268-512413669-3595411638-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKU\S-1-5-21-912284268-512413669-3595411638-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\ kwpsshellext => removed successfully
HKU\S-1-5-21-912284268-512413669-3595411638-1001\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ kwpsshellext => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7FDC33A-79D7-40B3-B304-ECA805533EA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24311152-AD07-4244-A0AD-9D1E4EF3C872}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E42EBEA9-3667-46C6-BD3A-46EFEAFD62A4}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18202199 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 327198072 B
Edge => 1151352 B
Chrome => 1332656029 B
Firefox => 309 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 228428 B
NetworkService => 246938 B
já => 289847274 B
Venca => 289847274 B

RecycleBin => 327550377 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:48:22 ====

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: PREVENTIVKA

#8 Příspěvek od Conder »

OK, zopar zbytocnost sme precistili, inak logy vyzeraju OK. Ako to vyzera s PC? su nejake problemy?
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

lebka75
Návštěvník
Návštěvník
Příspěvky: 301
Registrován: 25 říj 2009 23:46

Re: PREVENTIVKA

#9 Příspěvek od lebka75 »

zdá se , že vše ok, díky :worship:

Conder
VIP
VIP
Příspěvky: 4399
Registrován: 30 pro 2013 22:29
Bydliště: Bratislava

Re: PREVENTIVKA

#10 Příspěvek od Conder »

:arrow: Tak este upraceme po pouzitych nastrojoch:
Absolvent skoly pre novacikov :)
E-mail: conder (zavinac) forum.viry.cz

Ak nieco nie je jasne, pytaj sa. Odporucam mat vzdy zalohovat dolezite data (dokumenty, fotky a ine).

Fixlisty a ine scripty su pisane len pre konkretny PC. Nepouzivajte ich na inych zariadeniach, inak hrozi poskodenie systemu alebo strata dat.
Ak mate podobny problem ako iny uzivatel, prosim, zalozte si vlastnu temu.

V pripade spokojnosti je mozne podporit forum. Dakujeme!

Odpovědět